A recent webinar on Cyber Security and Philanthropy highlighted that cyber attacks can happen to anyone. According to Chris Andreen, Director of Development & Software Architect for the MacArthur Foundation, cyber security is a real and pressing need. Andreen adds there is big variance among the sector. For some this is an afterthought. In US, various NGOs are targeted by variety of actors. It is important to note that not just large nonprofits are targets.
Andreen notes “Cyber security is process to protect against unauthorized use of data. It is important to note that there is both financial risk and privacy risks if your data is not secure.” He also noted that this risk includes things like employee information, donor giving history, and client phone numbers.
Arthur Meulstee, IT & Information Security Manager, IKEA Foundation comments that hackers are lazy and will attack less prepared charities. He highlighted that 90% of cyber hacks are phishing campaigns and that small charities are at particular risk. Hacking is increasingly professional and is increasingly financially motivated. Worryingly, there is also a shift away from technology hacks to hacking humans. Human hacking is a more sophisticated form of phishing using a very convincing story to get employees to let the hacker in.
What’s a charity to do? Meulstee puts an emphasis on detection and response with limiting access on daily business. He notes that he is mot trying to forbid certain activities but rather provide suitable alternatives that have a good user-experience but that are more secure. IKEA requires this level of security from co-workers and business partners. In addition, IKEA has a list of 10 Do’s and Don’ts handed out to every IKEA coworker and posted in every meeting room.
Andreen also notes it is important to ensure all appliances receive regular and properly patching. Of particularly concern to those of us in the sector is his strong recommendation to avoid using any end of life technology. In addition, the Macarthur Foundation require regular password updates and does not let users may install software. He is a strong proponent of increased IT engagement with users and decreased number of users with administrative privileges. H also recommends limiting the number of programs that can ran on each device because it is easier to spot anomalies. He notes, “It will make you unpopular but safe.”
As David Goodman, Director of Impact, FLUXX, noted it is important to think about what happens when two worlds collide? The charity sector is asking for more transparency but also using more technology. It is challenging to balance being data driven with being transparent and secure. This is particularly true because many charities lack financial means and expertise to manage this. However the experience of the Red Barn in Alabama suggests that all charities need to start taking cyber security a lot more seriously.
Thanks to FLUXX labs for their sponsorship of this free Webinar. For more information on David check him out on Twitter @MeasureDoc, Chris at @macfound and Arthur at @IKEAFoundation
